Distinctive approach

 

Growing corporate value with technology that grows revenue and more efficiently enables quality to external customers.

Emphasizing the right actions begins with distinctions:

• First, between 1) “risk assessment” of any particular area and actual management of all IT-related risk to a profit and loss-aligned set of business objectives.
• Second, between security policy compliance and actual management of IT/information security related risk to a profit and loss-aligned set of business objectives.
• Third, between managing IT-operations-related risk and all IT-related business risk that includes IT investment portfolio selection and implementation. The larger and more complex the organization, usually the greater these risks to business performance objectives than IT operations.

Then, these distinctions influence the design of both the program to manage risk and the actual management of risk.

• In particular, in the selection of people skills (training and past roles) and personalities.
• Misunderstanding these distinctions is the cause of wasted time and cost, false sense of security, blind spots, weak business cases for action and lost business revenue opportunities.
• These complications and challenges are largely overcome through the performance-driven approach to managing IT-related business risk  as described in The Operational Risk Handbook -- the basis of our outcomes acceleration workshops.

Understanding these distinctions enables a focus on:

• Systems and causes instead of “loss events”
• Identifying and overcoming the three catalysts of risk – change, complexity and fatigue
• Making the sharp distinction between risk management program and actually managing risk to business objectives
• Simplifying the management of risk to avoid amplifying risk in an already changing and complex world.
• Management practices, culture and organization change rather than controls.

 

 

Services

 

Summary

• Evaluation of IT Risk - knowing the business, asking "what if?" and watching for warning signs
• Scenario analysis
• Response to IT Risk - prioritizing, improving, reacting and recovering
• Business cases for improvement

 

Outcome acceleration

 

Core Fitness -- Managing risk to business performance the 5+2 way

• Managing risk to objectives is fundamental to business (strategy, products, sales, operations and IT) as it is to sports, baking a cake or driving a car. As described in The Operational Risk Handbook, this workshop is designed to apply that practical performance-driven approach to provide more actionable insight for business-IT decisions. Better decisions lead to better outcomes.

Scenario analysis – heart of managing risk

• Scenario analysis, asking "What if?" is the heart of managing risk.
• If this fails, all else fails.
• This workshop is designed for hands-on practice with this approach to bring more practical benefit to current business-IT situations.

Traction time -- Activity-specific scenario analysis workshops.

• Focused on a single business area (e.g., line, geographic, product or IT service line if viewed as a "business"), they are rapid action to engage that team and better manage risk to operational and financial performance objectives.

 
Train the facilitator – a 3 step approach to build capacity for sustainable change in an organization.

• Step 1 is a knowledge transfer workshop where a group of facilitators is trained.
• Step 2 a trainer(s) assists a ValueBridge Advisors facilitator of a “Traction Time” workshop.
• Step 3 the trainee is the facilitator of a “Traction Time” workshop and a VaueBridge Advisors facilitator assists the trainee to “graduate” to independence.

Outcome acceleration delivery

• Outcome acceleration workshops
• “Teach to fish” personal guidance for the dynamics of your role and your organization
• Accelerator widgets -- diagnostics, actions and progress measures to accelerate alignment gap closure
• Conversation clarifiers to cut churn; and improve situational awareness and alignment with management, board or investors